Verification Code (via Email / SMS)

Hi all,

I’m building a form where I need a user to verify either their mobile or email. The idea is that the user can choose which, and they’ll be sent a code to enter. The experience should be the same for both. Also, given it’s middway through a multi-step form, I don’t want them to be sent any ‘links’ that they need to click to verify.

The advised approach from this forum is to:

  1. On Submit:
    a. Create a user account.
    b. Populate a ‘verification_code’ field on the User type (using a random string generator)
    c. Send the code to the channel (Email/SMS) chosen by the user.
  2. Have the user enter the code into a field and compare the value with the ‘verification_code’ field.

My questions are:

  1. How secure is this? Wouldn’t a malicious actor be able to inspect the User data type to see the code they need to enter (avoiding the need to provide a valid email/phone)?
  2. Many of the posts I am following are from a few years back… Given it’s late 2024 is there a better ‘out-of-the’ box solution that’s consistent across mobile/email?

Thanks all :slight_smile:

Hey @thethinklab.au,

This is how I usually do this is:

  1. Have a backend workflow I use to send the verification code: generate the Calculate Formula or whatever it’s call field, then send the code to the proper channels.

  2. I would have another backend workflow used to check if the code is correct and then return the response (I use the Bubble App Connector for this and run it using an admin token) and then continue the flow from there.

Just make sure the verification code is actually private to the user via privacy rules.

1 Like

Thanks!

Another question, do you use fields on the user type to manage and compare the codes? I saw another solution where that person created a whole seperate data type call “verification code”, which has a “related user” field…

Not sure on the merit of this?

I personally just use it on the user data type because it’s only one field

I think it’s part personal preference too